- A number of patients from Suburban Lung Associates in Illinois may face a protected health information (PHI) breach, when a local CBS affiliate received information that medical records had been found in a dumpster. According to the news station, it discovered a number of patient charts thrown in the trash that contained PHI such as patients’ medical histories, Social Security numbers and driver’s licenses.
The CBS affiliate discovered that the dumpster belonged to Filefax, a company that stores and transports medical records. The news station also found medical records in a parked car that belonged to Filefax.
The news station also met a dumpster diver who said she had filled a large container with medical records to sell for recycling paper. The woman explained that Filefax had allowed her to take the papers a week prior. The dumpster diver added that she had made ten trips with 1,000 pounds of Suburan’s medical records.
Filefax would not open their door when CBS 2 investigators attempted to speak with them, according to the news source. CBS 2 alerted Northbrook police of the unsecure medical information, and police then ordered Filefax to secure the dumpster in their facility.
Suburban provided the news station with a statement after being informed of the possible PHI breach. The healthcare facility said that it began investigating the problem as soon as it learned of the breach, and that they were cooperating with law enforcement agents to resolve the problem.
The hospital told the CBS affiliate that its security policy mandates that the vendor destroy all medical files before they are thrown away. Suburban also said that it believes this breach is an isolated occurrence, and that they are strongly invested in their patients’ security. According to the report, the Illinois Attorney General and US Department of Health and Human Services are investigating the breach.
In a similar story HealthITSecurity.com discussed late last year, a local ABC affiliate in Florida investigated a report that confidential information was being improperly thrown away. According to the news station, it discovered two full dumpsters, one where documents were sitting on top of a pile of trash.
The documents were allegedly from the Henry & Rilla White Foundation, a troubled-youth non-profit organization. Information in the improperly disposed documents included confidential patient information and Social Security numbers.
It was not made clear at the time who had thrown these documents away or who had taken them.
Both of these stories are prime examples of the need for healthcare facilities to put tough safeguards in place for physical, technical and administrative processes. Utilizing appropriate safeguarding methods could prevent protected information from being mishandled and misused by unauthorized individuals. Failure to put these protective measures in place could lead to fines, penalties or even jail time for offenders.